Merge pull request #84 from sector2000/add-helm-secrets-sops-age

mbaldessari · web-flow · commit cb8ce0b2b67b · 2026-02-16T17:23:00.000+01:00
Add helm-secrets, sops and age
diff --git a/Containerfile b/Containerfile
@@ -25,11 +25,15 @@ ARG DNF_TO_REMOVE="dejavu-sans-fonts langpacks-core-font-en langpacks-core-en la
 ARG RPM_TO_FORCEFULLY_REMOVE="cracklib-dicts"
 # Versions
 ARG OPENSHIFT_CLIENT_VERSION="4.14.20"
+ARG HYPERSHIFT_VERSION="2.7.2-1"
 ARG HELM_VERSION="3.13.3"
 ARG ARGOCD_VERSION="2.9.7"
 ARG TKN_CLI_VERSION="0.35.2"
 ARG YQ_VERSION="4.40.7"
 ARG TEA_VERSION="0.9.2"
+ARG SOPS_VERSION="3.11.0"
+ARG AGE_VERSION="1.3.1"
+ARG HELM_SECRETS_VERSION="4.7.5"
 
 # As of 9/5/2024: awxkit is not compatible with python 3.12 due to setuptools
 # Ansible-core 2.19 is needed for losing track of async jobs (as noted in AGOF for infra.controller_configuration)
@@ -47,11 +51,10 @@ ARG OPTTARGETARCH
 # Extra rpms for specific arches. Needed because on arm64 pip insists on rebuilding psutils
 ARG EXTRARPMS
 
-ARG HYPERSHIFT_VER="2.7.2-1"
-ARG HYPERSHIFT_URL="https://developers.redhat.com/content-gateway/file/pub/mce/clients/hcp-cli/${HYPERSHIFT_VER}/hcp-cli-${HYPERSHIFT_VER}-linux-${TARGETARCH}.tar.gz"
-
 USER root
 
+ENV HELM_PLUGINS=/etc/helm-plugins
+
 ADD https://cli.github.com/packages/rpm/gh-cli.repo /etc/yum.repos.d/gh-cli.repo
 
 # 'pip' is expected to be the pip resolved by 'python3 pip' AKA the one we install with PYTHON_VERSION
@@ -66,24 +69,18 @@ microdnf remove -y $DNF_TO_REMOVE && \
 rpm -e --nodeps $RPM_TO_FORCEFULLY_REMOVE && \
 microdnf clean all && \
 rm -rf /var/cache/dnf && \
-curl -sfL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v${ARGOCD_VERSION}/argocd-linux-${TARGETARCH} && \
-chmod +x /usr/local/bin/argocd && \
-curl -sLfO https://get.helm.sh/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz && \
-tar xf helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-component 1 -C /usr/local/bin && \
-chmod +x /usr/local/bin/helm && rm -f /usr/local/bin/README.md && rm -f /usr/local/bin/LICENSE && \
-rm -f helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz && \
-curl -sLfO https://github.com/tektoncd/cli/releases/download/v${TKN_CLI_VERSION}/tkn_${TKN_CLI_VERSION}_Linux_${ALTTARGETARCH}.tar.gz && \
-tar xf tkn_${TKN_CLI_VERSION}_Linux_${ALTTARGETARCH}.tar.gz -C /usr/local/bin --no-same-owner && chmod 755 /usr/local/bin/tkn && \
-rm -f tkn_${TKN_CLI_VERSION}_Linux_${ALTTARGETARCH}.tar.gz && \
-rm -f /usr/local/bin/README.md && rm -f /usr/local/bin/LICENSE && \
-curl -skLf -o hcp.tar.gz ${HYPERSHIFT_URL} && \
-tar xf hcp.tar.gz -C /usr/local/bin/ && \
-rm -f hcp.tar.gz && \
-curl -sLfO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OPENSHIFT_CLIENT_VERSION}/openshift-client-linux-${OPTTARGETARCH}${OPENSHIFT_CLIENT_VERSION}.tar.gz && \
-tar xvf openshift-client-linux-${OPTTARGETARCH}${OPENSHIFT_CLIENT_VERSION}.tar.gz -C /usr/local/bin && \
-rm -rf openshift-client-linux-${OPTTARGETARCH}${OPENSHIFT_CLIENT_VERSION}.tar.gz  && rm -f /usr/local/bin/kubectl && ln -sf /usr/local/bin/oc /usr/local/bin/kubectl && \
-curl -sSL -o /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_${TARGETARCH} && chmod 755 /usr/local/bin/yq && \
-curl -sSL -o /usr/local/bin/tea https://gitea.com/gitea/tea/releases/download/v${TEA_VERSION}/tea-${TEA_VERSION}-linux-${TARGETARCH} && chmod 755 /usr/local/bin/tea && \
+curl -sSfL https://github.com/argoproj/argo-cd/releases/download/v${ARGOCD_VERSION}/argocd-linux-${TARGETARCH} -o /usr/local/bin/argocd && \
+curl -sSfL https://get.helm.sh/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz | tar xzf - --strip-components=1 -C /usr/local/bin linux-${TARGETARCH}/helm && \
+curl -sSfL https://github.com/tektoncd/cli/releases/download/v${TKN_CLI_VERSION}/tkn_${TKN_CLI_VERSION}_Linux_${ALTTARGETARCH}.tar.gz | tar xzf - -C /usr/local/bin tkn && \
+curl -sSfL https://developers.redhat.com/content-gateway/file/pub/mce/clients/hcp-cli/${HYPERSHIFT_VERSION}/hcp-cli-${HYPERSHIFT_VERSION}-linux-${TARGETARCH}.tar.gz | tar xzf - -C /usr/local/bin ./hcp && \
+curl -sSfL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OPENSHIFT_CLIENT_VERSION}/openshift-client-linux-${OPTTARGETARCH}${OPENSHIFT_CLIENT_VERSION}.tar.gz | tar xzf - -C /usr/local/bin oc && ln -sf /usr/local/bin/oc /usr/local/bin/kubectl && \
+curl -sSfL https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_${TARGETARCH} -o /usr/local/bin/yq && \
+curl -sSfL https://gitea.com/gitea/tea/releases/download/v${TEA_VERSION}/tea-${TEA_VERSION}-linux-${TARGETARCH} -o /usr/local/bin/tea && \
+curl -sSfL https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.${TARGETARCH} -o /usr/local/bin/sops && \
+curl -sSfL https://github.com/FiloSottile/age/releases/download/v${AGE_VERSION}/age-v${AGE_VERSION}-linux-${TARGETARCH}.tar.gz | tar xzf - --strip-components=1 -C /usr/local/bin age/age* && \
+mkdir -p "${HELM_PLUGINS}" && \
+curl -sSfL https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar xzf - -C "${HELM_PLUGINS}" && \
+chown root:root /usr/local/bin/* && chmod 755 /usr/local/bin/* && \
 rm -rf /root/anaconda* /root/original-ks.cfg /usr/local/README
 
 # The hypershift cli is downloaded directly from the cluster.
@@ -126,19 +123,21 @@ mv /usr/local/bin/ansible-playbook /usr/local/bin/ansible-playbook.orig && \
 cp /tmp/ansible-playbook-wrapper.sh /usr/local/bin/ansible-playbook && \
 chmod +x /usr/local/bin/ansible-playbook && \
 rm -rf /usr/local/lib/python${PYTHON_VERSION}/site-packages/ansible_collections/$COLLECTIONS_TO_REMOVE && \
-curl -L -O https://raw.githubusercontent.com/clumio-code/azure-sdk-trim/main/azure_sdk_trim/azure_sdk_trim.py && \
+curl -sSfL -O https://raw.githubusercontent.com/clumio-code/azure-sdk-trim/main/azure_sdk_trim/azure_sdk_trim.py && \
 python3 azure_sdk_trim.py && rm azure_sdk_trim.py && pip uninstall -y humanize && \
 if [ -n "$EXTRARPMS" ]; then microdnf remove -y $EXTRARPMS; fi && \
 mkdir -p /pattern/.ansible/tmp /pattern-home/.ansible/tmp && \
 find /pattern/.ansible -type d -exec chmod 770 "{}" \; && \
 find /pattern-home/.ansible -type d -exec chmod 770 "{}" \;
 
 
-# Adding python scripts to start, stop and retrieve status of hostedcluster instnances
+# Adding python scripts to start, stop and retrieve status of hostedcluster instances
 ADD https://raw.githubusercontent.com/validatedpatterns/utilities/main/aws-tools/start-instances.py \
     https://raw.githubusercontent.com/validatedpatterns/utilities/main/aws-tools/stop-instances.py \
     https://raw.githubusercontent.com/validatedpatterns/utilities/main/aws-tools/status-instances.py /usr/local/bin/
 
+RUN chmod 755 /usr/local/bin/start-instances.py /usr/local/bin/stop-instances.py /usr/local/bin/status-instances.py
+
 COPY default-cmd.sh /usr/local/bin
 WORKDIR /pattern
 CMD ["/usr/local/bin/default-cmd.sh"]
diff --git a/README.md b/README.md
@@ -14,48 +14,51 @@ This container provides a pre-configured environment with all the necessary tool
 
 <!-- textlint-disable -->
 
-|                name                 |    type    |    version     |
-| :---------------------------------: | :--------: | :------------: |
-|               ansible               |    pip     |    2.16.14     |
-|            ansible.posix            | collection |     2.1.0      |
-|           ansible-runner            |    pip     |     2.4.2      |
-|            ansible.utils            | collection |     6.0.0      |
-|               argocd                |   binary   | v2.9.7+fbb6b20 |
-|               awscli                |    pip     |    1.42.65     |
-|               awx.awx               | collection |     24.6.1     |
-|               awxkit                |    pip     |     24.6.1     |
-|              azure-cli              |    pip     |     2.79.0     |
-|                boto3                |    pip     |    1.40.65     |
-|              botocore               |    pip     |    1.40.65     |
-|          community.general          | collection |     12.0.0     |
-|            community.okd            | collection |     5.0.0      |
-|               gcloud                |    pip     |     0.18.3     |
-|                 gh                  |  package   |     2.82.1     |
-|              git-core               |  package   |     2.47.3     |
-|                gzip                 |  package   |      1.12      |
-|                 hcp                 |   binary   |     4.17.0     |
-|                helm                 |   binary   |    v3.13.3     |
-|       infra.ah_configuration        | collection |     2.1.0      |
-|   infra.controller_configuration    | collection |     3.2.0      |
-|       infra.eda_configuration       | collection |     1.1.0      |
-|              jmespath               |    pip     |     1.0.1      |
-|                 jq                  |  package   |      1.6       |
-|           kubernetes.core           | collection |     6.2.0      |
-|             kubernetes              |    pip     |     34.1.0     |
-|              kustomize              |   binary   |     v5.0.1     |
-|                make                 |  package   |      4.3       |
-|              openshift              |   binary   |    4.14.20     |
-|               pytest                |    pip     |     8.4.2      |
-|             python3-pip             |  package   |     21.3.1     |
-|               python                |  package   |    3.11.11     |
-| redhat_cop.controller_configuration | collection |     2.3.1      |
-|         rhvp.cluster_utils          | collection |     1.1.0      |
-|               sshpass               |  package   |      1.09      |
-|                 tar                 |  package   |      1.34      |
-|                 tea                 |   binary   |     0.9.2      |
-|               tekton                |   binary   |     0.35.2     |
-|                 vi                  |  package   |    8.2.2637    |
-|          vp-qe-test-common          |    pip     |     0.1.0      |
+|                name                 |     type    |    version     |
+| :---------------------------------: | :---------: | :------------: |
+|                 age                 |    binary   |     1.3.1      |
+|               ansible               |     pip     |    2.16.14     |
+|            ansible.posix            |  collection |     2.1.0      |
+|           ansible-runner            |     pip     |     2.4.2      |
+|            ansible.utils            |  collection |     6.0.0      |
+|               argocd                |    binary   | v2.9.7+fbb6b20 |
+|               awscli                |     pip     |    1.42.65     |
+|               awx.awx               |  collection |     24.6.1     |
+|               awxkit                |     pip     |     24.6.1     |
+|              azure-cli              |     pip     |     2.79.0     |
+|                boto3                |     pip     |    1.40.65     |
+|              botocore               |     pip     |    1.40.65     |
+|          community.general          |  collection |     12.0.0     |
+|            community.okd            |  collection |     5.0.0      |
+|               gcloud                |     pip     |     0.18.3     |
+|                 gh                  |   package   |     2.82.1     |
+|              git-core               |   package   |     2.47.3     |
+|                gzip                 |   package   |      1.12      |
+|                 hcp                 |    binary   |     4.17.0     |
+|                helm                 |    binary   |    v3.13.3     |
+|             helm-secrets            | helm plugin |     4.7.5      |
+|       infra.ah_configuration        |  collection |     2.1.0      |
+|   infra.controller_configuration    |  collection |     3.2.0      |
+|       infra.eda_configuration       |  collection |     1.1.0      |
+|              jmespath               |     pip     |     1.0.1      |
+|                 jq                  |   package   |      1.6       |
+|           kubernetes.core           |  collection |     6.2.0      |
+|             kubernetes              |     pip     |     34.1.0     |
+|              kustomize              |    binary   |     v5.0.1     |
+|                make                 |   package   |      4.3       |
+|              openshift              |    binary   |    4.14.20     |
+|               pytest                |     pip     |     8.4.2      |
+|             python3-pip             |   package   |     21.3.1     |
+|               python                |   package   |    3.11.11     |
+| redhat_cop.controller_configuration |  collection |     2.3.1      |
+|         rhvp.cluster_utils          |  collection |     1.1.0      |
+|                sops                 |    binary   |     3.11.0     |
+|               sshpass               |   package   |      1.09      |
+|                 tar                 |   package   |      1.34      |
+|                 tea                 |    binary   |     0.9.2      |
+|               tekton                |    binary   |     0.35.2     |
+|                 vi                  |   package   |    8.2.2637    |
+|          vp-qe-test-common          |     pip     |     0.1.0      |
 
 <!-- textlint-enable -->
 
